April 26, 2009

Conficker Virus Hijacked My Friend’s Hotmail Account and Spammed Her Contacts

Conficker HiJacks Hotmail

*** UPDATED: 05/16/09 ***

About a week ago I received an email from a friend of mine whom I talk to regularly. It seemed rather odd. The writing style of the email did not match my friend’s style. Also, she was asking me to wire $2,000 to her current location in England. Last we spoke, she had not previously mentioned any travel beyond her home in the United States, and if anybody I know were to ask me for money they would do so in person or at least call me on my cell phone. Below is the email I was sent from my friend’s Hotmail account. (My friend’s name was changed to protect her identity from further being stolen.)
Hello,

How are you doing today? I am sorry i didn't inform you about my traveling to London for a
program called "Empowering Youth to Fight Racism, HIV/AIDS, the program is taking place in
London.

It has been a very sad and bad moment for me, the present condition that i found myself is
very hard for me to explain.

I am really stranded in London because I forgot my little bag in the Taxi where my money,
passport, documents and other valuable things were kept on my way to the Hotel to lodge,
the cab man made away with my bag containing all this documents. I am facing a hard time
here because i have no money on me to fix my basic needs here now.

I am sending you this e-mail from the city Library and i am begging you to please borrow and
send to me $2000 here in London so that i can pay the hotel bills here and fix up the
necessary things then i will start coming back home and when i get home i will pay you back
the money .

Please help me send the money via western union,locate a Western union money transfer
there, I was told that the fastest means to receive money here is through Western Union
money transfer, Please use the below info to send the money today to me via Western
Union.

Name : Lucy Sanders
Address :5 Bedford Way, London
State :London,
Country: England
Test Question:Colour
Answer :White
Amount send $2000

Hope to hear from you soon and i promise to pay you back

I await the western union transfer details and MTCN from you,God bless you as you do

Thanks
Lucy

I spoke to her in person the next day. She told me that all her Hotmail contacts reported that they received the same spam email. Lucy’s Hotmail account was hijacked by the Conficker virus. Conficker changed her Hotmail password and all information related to password reset methods. I confirmed this when I attempted to reset her password. Since the Conficker virus changed all her account information, how could she confirm to Microsoft that she is the real owner of this email address? In my opinion this email address is unrecoverable. She has since created an alternate email address. I strongly urge all of you to update your anti-virus software to the latest signature updates. All good anti-virus software allows you to set it up to automatically update itself on a daily basis or as soon as an update becomes available. If you do not have good anti-virus software, or have none at all, I recommend using Kaspersky Anti-Virus 2009. It’s the one I have been using for years to keep my PC virus-free.

05/16/09 Update: A couple of days ago I received another scam email from Lucy's Hotmail account. This time it is a Nigerian Email Scam. I copied and pasted the email below.
Hello i am an Account Officer with United Bank for Africa, My name is James Baker .
I am the personal Account Manager to An Engineer a National of your
country who used to work with an Oil servicing Firm in Nigeria. On October
21, 2006 my client was involved in a car accident along Agege express way.
All occupants of the vehicle unfortunately lost their lives. Since then I
have made several inquiries to your embassy to locate any of my client's
extended Relatives, this has also proved unsuccessful.

After these several unsuccessful attempts, I decided to trace his last name
over the Internet, to locate any member of his family hence I contacted you.
I have contacted you to assist in repatriating the money and property left
behind by my client before they get confiscated or declared unserviceable by
the bank where this huge deposits were lodged, particularly UNITED BANK OF
AFRICA Where the deceased had an account Valued about $15million us
dollars.The bank has Issued me a notice to provide the next of kin. Or have
the account confiscated within the next ten official working days.

Since I have been unsuccessful in locating the relatives for over 2 years, and since you bear the same last name with him, I now seek your consent to PRESENT you as the NEXT OF KIN of the deceased so that this account valued at $ 15 million us dollars will be paid to you. The sharing modality is still open and negotiable. All I require is your honest cooperation to enable us see this deal through. I guarantee that this will be executed under a legitimate arrangement that will protect you from any breach of the law. Please get in touch with me by my email.

Best Regards
James Baker

Do You Have an Opinion?




If you or anybody you know has been infected by the Conficker virus, SPEAK UP! Post a comment below.

SCAM

I want to rent a place in Canada, so I sent somebody an email that is on Craigslist and I received this:

Hello,

Thanks for your interest and inquiries about my condo.Yes the property is still available for rent and we are looking for a responsible person/family to occupy and maintain the property now that we are not around.Myself and wife just traveled to London United Kingdom for a programme called Empowering Youth to Fight Racism, HIV/AIDS, Poverty and Lack of Education, the programme is taking place in major countries in Europe and Africa which are UK, Spain,Germany,South Africa,Ghana.We will be away for 3 to 5 years or more that is why I have made up my mind to put up my property for rent to whom ever that will take good care of it.Also how long do you intend to stay? How soon do you intend to move in?

Here are details of the property:

Laundry, Electric Range, Electric Heat,Air Conditioning,Patio/Party Deck,Cable TV,Ceiling Fans,24 hours,Internet service,Dishwasher,Firepit,Garbage Disposal,Microwave,security alarm,Pets Allowed,Refrigerator,Washer / Dryer

Please feel free to ask any questions you do not understand and i will be looking forward to recieve your email as soon as possible.

We are not around to show the inside, you can go check out the property and the neighborhood from the outside and get back to me if you really like it for more information.

APPLICATION FORM ============
PRIVATE & CONFIDENTIAL

Please answer these questions below if you are Interested

1)Your Full Name_____________________________________
2)Present Address(where you reside now) & Phone__________________________
3)How old are you_____________________________
4)Are you married_ _____________________________ _____
5)How many people will be living in the property___________________________
6)Do you have a pet____ _____________________________________
7)Do you have a car_______ ___________________________________
8)Occupation____________ _________________
9)How long are you willing to stay___________________________-
10)When do you intend to move in ___

Hope to read from you as soon as possible.

Regards.

RE: My e-mail got scammed and

Hello,

I am assuming you have a web email address like Gmail, Hotmail or Yahoo Mail? If so, can you still log in? If you can, after you log in go to the account options/settings and delete your email account.

HI My e-mail got scammed and

HI

My e-mail got scammed and everyone was sent out an e-mail asking for money.

How do I get rid of that account?

OMFG, I just received a NIGERIAN SCAM email from her Hotmail

I will post it up later, when I get home from work.

Possible password stealing methods Conficker uses

The virus attacks web-based email in one of two ways. As you suggested, one way could be via a keylogger. So it keeps a log of any keyboard input, which includes every username and password anyone types in as they log in to their email accounts or favorite sites like MySpace. The other method could be web browser hijacking/intrusion. If anyone out there is like me and saves their usernames and passwords to all of their favorite sites on their home computer (I am guessing that many are like me?) to save time and hassle, it can take advantage of this. When you save your username and password in a web browser (Internet Explorer, Firefox, etc.), it is encrypted and stored somewhere on the computer. The virus can be programmed to go to that specific location, decrypt the information and find out what website it belongs to. I am not sure which method the Conficker virus uses.

The next step is to use that information with a preprogrammed set of instructions. In my friend’s case it logged into her Hotmail account, changed her passwords and all password hints so she could not reset it. Then it spammed all of her Hotmail contacts asking them for money.

hotmail spam

I received a few emails returned to me a month or so ago. What happened was that somehow a spam email was sent to all of my contacts and the few that were outdated bounced back (thank the Lord b/c that was my first indication of a problem!).

No PW info was changed (until I obviously jumped in there and changed it) and I haven't had a problem since.

How does Conficker attack web-based email? Keylogging on the owner's pc?

She finally brought me her

She finally brought me her laptop to remove the viruses she had. They did not mess with her Windows Update settings.

Automatic Updates shut off by Conficker

She didn't mention anything about automatic updates being turned off. But she really doesn't pay attention to stuff like that. I am going to check out her PC this week. I will get back to you after I check it out.

Automatic Updates

Do you know if it turned off her automatic updates? Mine was shut off one morning and it seemed odd.

Microsoft's Conficker Page:

http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx